Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jbf1OgFpsM6qLu8GKJ4KosCBdKg.roa
File: jbf1OgFpsM6qLu8GKJ4KosCBdKg.roa (raw, json)
Hash identifier: 9rdohn/xUPLiqK5J0KehggQH2lJkRnq6pTGeMVdDBH0=
Subject key identifier: 8D:B7:F5:3A:01:69:B0:CE:AA:2E:EF:06:28:9E:0A:A2:C0:81:74:A8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4479
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jbf1OgFpsM6qLu8GKJ4KosCBdKg.roa
Signing time: Fri 19 Apr 2024 21:23:04 +0000
ROA not before: Fri 19 Apr 2024 21:23:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17529 (0x4479)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 21:23:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8DB7F53A0169B0CEAA2EEF06289E0AA2C08174A8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:f6:2c:a8:b8:5f:7d:56:93:1b:ea:21:6a:1b:
09:13:03:e5:3f:07:1b:53:c6:a9:e8:82:c4:49:44:
61:9a:70:16:b0:1c:0c:59:bf:7a:7d:ac:7b:ba:02:
92:d8:5e:67:14:79:f4:78:49:35:29:a0:4f:70:df:
aa:5d:b8:cb:20:e5:2b:f0:63:c6:f1:a2:15:d5:44:
ef:4b:c2:ee:82:3f:c2:a4:2f:60:6d:50:7f:4a:3a:
07:9c:f2:a5:96:15:ee:5e:66:12:6a:c3:e0:93:b7:
25:9f:3a:50:c0:0a:12:c7:67:7f:92:e4:00:8a:8f:
69:00:62:7d:d3:d9:7f:80:38:84:81:a0:8e:da:f2:
7d:51:c7:54:b3:08:7e:23:62:c8:8f:33:e7:9e:5c:
d8:fb:51:3d:92:ef:5e:24:f1:01:56:cf:bc:25:44:
a0:bc:41:5b:72:ec:1a:0b:49:98:8c:56:40:f7:8a:
46:c9:86:57:b8:5c:cf:a0:4e:8a:36:af:eb:3b:06:
10:b8:d2:2e:dc:17:38:de:b5:f7:42:b6:ff:e2:53:
31:58:42:28:c9:f1:70:60:c3:ca:8a:23:6a:7c:4f:
79:fc:75:4b:30:96:50:9b:be:cd:3f:6f:8c:01:c8:
25:1c:73:43:0c:ec:fb:26:81:a4:8e:e7:d8:53:d6:
02:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:B7:F5:3A:01:69:B0:CE:AA:2E:EF:06:28:9E:0A:A2:C0:81:74:A8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jbf1OgFpsM6qLu8GKJ4KosCBdKg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
a0:6a:4f:f3:93:28:04:45:af:b9:78:0c:dc:d6:0e:38:54:59:
38:af:e2:8a:01:d4:f4:a3:e6:88:c4:8d:ae:c6:bc:25:b8:3c:
c0:ee:74:e0:d7:ac:f9:3f:07:59:a2:4c:cc:dd:92:60:b8:9f:
1b:17:e1:51:13:9e:a4:ea:23:08:cc:8a:09:69:41:63:25:2d:
49:8c:d3:75:b2:0c:b4:51:44:f4:21:42:bf:df:75:8d:36:87:
f9:25:1a:34:d5:2c:a5:bb:2a:88:52:1d:96:60:5b:b7:a8:da:
cc:0a:e4:da:b4:d1:7e:f4:da:71:d8:dc:32:d3:00:d6:52:16:
59:fd:a0:57:1f:a1:50:3c:af:06:b4:28:e2:67:c5:52:78:fe:
c6:92:c4:92:9a:9e:dc:5d:cf:22:c7:20:09:6c:f9:75:16:7a:
fc:76:fb:a3:39:0f:59:08:90:51:3a:ef:ec:44:b4:b0:b4:0d:
e4:91:fd:45:7b:12:34:8d:cf:49:ab:50:36:53:e3:0c:d7:6b:
90:e2:80:8d:2d:70:45:0c:22:7a:3d:20:a5:80:9f:4f:35:0b:
68:70:4e:6c:59:19:54:d9:78:c8:ad:ce:59:fd:d3:9e:3e:0b:
a7:98:cf:85:7d:3e:ad:a3:bd:68:06:5f:8c:2c:6b:20:37:bf:
04:fe:d9:3c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRHkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTky
MTIzMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhEQjdGNTNBMDE2OUIw
Q0VBQTJFRUYwNjI4OUUwQUEyQzA4MTc0QTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+9iyouF99VpMb6iFqGwkTA+U/BxtTxqnogsRJRGGacBawHAxZ
v3p9rHu6ApLYXmcUefR4STUpoE9w36pduMsg5SvwY8bxohXVRO9Lwu6CP8KkL2Bt
UH9KOgec8qWWFe5eZhJqw+CTtyWfOlDAChLHZ3+S5ACKj2kAYn3T2X+AOISBoI7a
8n1Rx1SzCH4jYsiPM+eeXNj7UT2S714k8QFWz7wlRKC8QVty7BoLSZiMVkD3ikbJ
hle4XM+gToo2r+s7BhC40i7cFzjetfdCtv/iUzFYQijJ8XBgw8qKI2p8T3n8dUsw
llCbvs0/b4wByCUcc0MM7PsmgaSO59hT1gKHAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUjbf1OgFpsM6qLu8GKJ4KosCBdKgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2piZjFPZ0Zwc002cUx1
OEdLSjRLb3NDQmRLZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKBqT/OTKARFr7l4
DNzWDjhUWTiv4ooB1PSj5ojEja7GvCW4PMDudODXrPk/B1miTMzdkmC4nxsX4VET
nqTqIwjMiglpQWMlLUmM03WyDLRRRPQhQr/fdY02h/klGjTVLKW7KohSHZZgW7eo
2swK5Nq00X702nHY3DLTANZSFln9oFcfoVA8rwa0KOJnxVJ4/saSxJKantxdzyLH
IAls+XUWevx2+6M5D1kIkFE67+xEtLC0DeSR/UV7EjSNz0mrUDZT4wzXa5DigI0t
cEUMIno9IKWAn081C2hwTmxZGVTZeMitzln9054+C6eYz4V9Pq2jvWgGX4wsayA3
vwT+2Tw=
-----END CERTIFICATE-----
Generated at Sat May 17 19:43:13 2025 by rpki-client